SIGURNOST
Cybersecurity Knowledge Quiz
Test your knowledge in the ever-evolving field of cybersecurity with our engaging quiz designed for newcomers and experts alike. Answer a series of challenging questions and see how well you understand crucial concepts in cybersecurity.
Key Features:
- Multiple-choice and checkbox questions
- Covering various aspects of cybersecurity
- Learn while you play!
Which statement best describes a motivation of hacktivists?
They are trying to show off their hacking skills.
They are interested in discovering new exploits.
They are curious and learning hacking skills.
They are part of a protest group behind a political cause.
Which type of cybercriminal is the most likely to create malware to compromise an organization by stealing credit card information?
White hat hackers
Black hat hackers
Gray hat hackers
Script kiddies
A specialist in the HR department is invited to promote the cybersecurity program in community schools. Which three topics would the specialist emphasize in the presentation to draw students to this field? (Choose three.)
A career field in high demand
Service to the public
High earning potential
A job with routine, day-to-day tasks
A field requiring a PhD degree
The CompTIA A+ certification provides an adequate knowledge base for the field
An organization allows employees to work from home two days a week. Which technology should be implemented to ensure data confidentiality as data is transmitted?
SHS
VLANS
RAID
VPN
Which type of network poses increasing challenges to cybersecurity specialists due to the growth of BYOD on campus?
Wireless networks
Wired networks
Sneaker net
Virtual networks
A cybersecurity specialist is working with the IT staff to establish an effective information security plan. Which combination of security principles forms the foundation of a security plan?
Confidentiality, integrity, and availability
Technologies, policies, and awareness
Secrecy, identity, and nonrepudiation
Encryption, authentication, and identification
Which framework should be recommended for establishing a comprehensive information security management system in an organization?
ISO/IEC 27000
ISO OSI model
NIST/NICE framework
CIA Triad
What are three states of data during which data is vulnerable? (Choose three.)
Data in-process
Stored data
Data in-transit
Data encrypted
Purged data
Data decrypted
Users report that the database on the main server cannot be accessed. A database administrator verifies the issue and notices that the database file is now encrypted. The organization receives a threatening email demanding payment for the decryption of the database file. What type of attack has the organization experienced?
Man-in-the-middle attack
Ransomware
Trojan horse
DoS attack
What three best practices can help defend against social engineering attacks? (Choose three.)
Enable a policy that states that the IT department should supply information over the phone only to managers.
Add more security guards.
Resist the urge to click on enticing web links.
Deploy well-designed firewall appliances.
Educate employees regarding policies.
Do not provide password resets in a chat window.
Which statement describes a distributed denial of service attack?
An attacker sends an enormous quantity of data that a server cannot handle.
An attacker builds a botnet comprised of zombies.
An attacker views network traffic to learn authentication credentials.
One computer accepts data packets based on the MAC address of another computer.
A cybercriminal sends a series of maliciously formatted packets to the database server. The server cannot parse the packets and the event causes the server to crash. What type of attack has the cybercriminal launched?
DoS
Man-in-the-middle
Packet Injection
SQL injection
An executive manager went to an important meeting. The secretary in the office receives a call from a person claiming that the executive manager is about to give an important presentation but the presentation files are corrupted. The caller sternly recommends that the secretary email the presentation right away to a personal email address. The caller also states that the executive is holding the secretary responsible for the success of this presentation. Which type of social engineering tactic would describe this scenario?
Urgency
Intimidation
Familiarity
Trusted partners
What are the two most effective ways to defend against malware? (Choose two.)
Implement network firewalls.
Install and update antivirus software.
Implement RAID.
Update the operating system and other application software.
Implement strong passwords.
Implement a VPN.
The employees in a company receive an email stating that the account password will expire immediately and requires a password reset within 5 minutes. Which statement would classify this email?
It is a piggy-back attack.
It is an impersonation attack.
It is a DDoS attack.
It is a hoax.
In which situation would a detective control be warranted?
When the organization needs to look for prohibited activity
After the organization has experienced a breach in order to restore everything back to a normal state
When the organization cannot use a guard dog, so it is necessary to consider an alternative
When the organization needs to repair damage
An organization has implemented antivirus software. What type of security control did the company implement?
Recovery control
Deterrent control
Detective control
Compensative control
Alice and Bob are using public key encryption to exchange a message. Which key should Alice use to encrypt a message to Bob?
The private key of Alice
The public key of Bob
The private key of Bob
The public key of Alice
Which statement describes a characteristic of block ciphers?
Block ciphers encrypt plaintext one bit at a time to form a block.
Block ciphers result in output data that is larger than the input data most of the time.
Block ciphers result in compressed output.
Block ciphers are faster than stream ciphers.
The IT department is tasked to implement a system that controls what a user can and cannot do on the corporate network. Which process should be implemented to meet the requirement?
User login auditing
A set of attributes that describes user access rights
Observations to be provided to all employees
A biometric fingerprint reader
Alice and Bob use a pre-shared key to exchange a confidential message. If Bob wants to send a confidential message to Carol, what key should he use?
The same pre-shared key he used with Alice
The private key of Carol
A new pre-shared key
The public key of Bob
Which access control strategy allows an object owner to determine whether to allow access to the object?
RBAC
DAC
MAC
ACL
Which method is used by steganography to hide text in an image file?
Data obfuscation
Data masking
Least significant bit
Most significant bit
The X.509 standard defines which security technology?
Digital certificates
Biometrics
Strong passwords
Security tokens
Which hashing algorithm is recommended for the protection of sensitive, unclassified information?
MD5
AES-256
3DES
SHA-256
Technicians are testing the security of an authentication system that uses passwords. When a technician examines the password tables, the technician discovers the passwords are stored as hash values. However, after comparing a simple password hash, the technician then discovers that the values are different from those on other systems. What are two causes of this situation? (Choose two.)
Both systems scramble the passwords before hashing.
The systems use different hashing algorithms.
One system uses hashing and the other uses hashing and salting.
Both systems use MD5.
One system uses symmetrical hashing and the other uses asymmetrical hashing.
You have been asked to work with the data collection and entry staff in your organization in order to improve data integrity during initial data entry and data modification operations. Several staff members ask you to explain why the new data entry screens limit the types and size of data able to be entered in specific fields. What is an example of a new data integrity control?
Data encryption operations that prevent any unauthorized users from accessing sensitive data
A limitation rule which has been implemented to prevent unauthorized staff from entering sensitive data
Data entry controls which only allow entry staff to view current data
A validation rule which has been implemented to ensure completeness, accuracy, and consistency of data
What technology should be implemented to verify the identity of an organization, to authenticate its website, and to provide an encrypted connection between a client and the website?
Digital signature
Salting
Digital certificate
Asymmetric encryption
Your organization will be handling market trades. You will be required to verify the identity of each customer who is executing a transaction. Which technology should be implemented to authenticate and verify customer electronic transactions?
Data hashing
Asymmetrical encryption
Symmetrical encryption
Digital certificates
Alice and Bob are using a digital signature to sign a document. What key should Alice use to sign the document so that Bob can make sure that the document came from Alice?
Public key from Bob
Private key from Alice
Username and password from Alice
Private key from Bob
An organization has determined that an employee has been cracking passwords on administrative accounts in order to access very sensitive payroll information. Which tools would you look for on the system of the employee? (Choose three.)
Rainbow tables
Lookup tables
Algorithm tables
Password digest
Rogue access points
Reverse lookup tables
An organization wants to adopt a labeling system based on the value, sensitivity, and criticality of the information. What element of risk management is recommended?
Asset classification
Asset identification
Asset availability
Asset standardization
An organization has recently adopted a five nines program for two critical database servers. What type of controls will this involve?
Stronger encryption systems
Improving reliability and uptime of the servers
Remote access to thousands of external users
Limiting access to the data on these systems
Being able to maintain availability during disruptive events describes which of the principles of high availability?
Single point of failure
System resiliency
Fault tolerance
Uninterruptible services
Which risk mitigation strategies include outsourcing services and purchasing insurance?
Avoidance
Transfer
Reduction
Acceptance
The awareness and identification of vulnerabilities is a critical function of a cybersecurity specialist. Which of the following resources can be used to identify specific details about vulnerabilities?
CVE national database
NIST/NICE framework
ISO/IEC 27000 model
Infragard
Which technology would you implement to provide high availability for data storage?
N+1
Software updates
RAID
Hot standby
Which two values are required to calculate annual loss expectancy? (Choose two.)
Annual rate of occurrence
Asset value
Frequency factor
Exposure factor
Single loss expectancy
Quantitative loss value
What is it called when an organization only installs applications that meet its guidelines, and administrators increase security by eliminating all other applications?
Asset availability
Asset identification
Asset classification
Asset standardization
There are many environments that require five nines, but a five nines environment may be cost prohibitive. What is one example of where the five nines environment might be cost prohibitive?
Department stores at the local mall
The front office of a major league sports team
The U.S. Department of Education
The New York Stock Exchange
Which technology can be used to protect VoIP against eavesdropping?
ARP
Encrypted voice messages
Strong authentication
SSH
Mutual authentication can prevent which type of attack?
Wireless poisoning
Wireless IP spoofing
Wireless sniffing
Man-in-the-middle
Which of the following products or technologies would you use to establish a baseline for an operating system?
SANS Baselining System (SBS)
Microsoft Security Baseline Analyzer
MS Baseliner
CVE Baseline Analyzer
What Windows utility should be used to configure password rules and account lockout policies on a system that is not part of a domain?
Active Directory Security tool
Computer Management
Local Security Policy tool
Event Viewer security log
What describes the protection provided by a fence that is 1 meter in height?
It deters casual trespassers only.
It prevents casual trespassers because of its height.
The fence deters determined intruders.
It offers limited delay to a determined intruder.
Which wireless standard made AES and CCM mandatory?
WPA2
WEP
WEP2
WPA
Which three protocols can use Advanced Encryption Standard (AES)? (Choose three.)
WEP
WPA2
WPA
802.11q
802.11i
TKIP
Which website offers guidance on putting together a checklist to provide guidance on configuring and hardening operating systems?
Internet Storm Center
The Advanced Cyber Security Center
The National Vulnerability Database website
CERT
Which law was enacted to prevent corporate accounting-related crimes?
The Federal Information Security Management Act
Gramm-Leach-Bliley Act
Import/Export Encryption Act
Sarbanes-Oxley Act
Which cybersecurity weapon scans for use of default passwords, missing patches, open ports, misconfigurations, and active IP addresses?
Packet analyzers
Vulnerability scanners
Packet sniffers
Password crackers
A cybersecurity specialist is asked to identify the potential criminals known to attack the organization. Which type of hackers would the cybersecurity specialist be least concerned with?
Black hat hackers
Gray hat hackers
Script kiddies
White hat hackers
What is an example of early warning systems that can be used to thwart cybercriminals?
Infragard
ISO/IEC 27000 program
Honeynet project
CVE database
Which technology should be used to enforce the security policy that a computing device must be checked against the latest antivirus update before the device is allowed to connect to the campus network?
SAN
VPN
NAC
NAS
Which data state is maintained in NAS and SAN services?
Stored data
Data in-transit
Encrypted data
Data in-process
Which technology can be used to ensure data confidentiality?
Hashing
Identity management
Encryption
RAID
What is an impersonation attack that takes advantage of a trusted relationship between two systems?
Man-in-the-middle
Spoofing
Spamming
Sniffing
Users report that network access is slow. After questioning the employees, the network administrator learned that one employee downloaded a third-party scanning program for the printer. What type of malware might have been introduced that causes slow performance of the network?
Virus
Worm
Spam
Phishing
What type of application attack occurs when data goes beyond the memory areas allocated to the application?
Buffer overflow
RAM Injection
SQL injection
RAM spoofing
What type of attack has an organization experienced when an employee installs an unauthorized device on the network to view network traffic?
Sniffing
Spoofing
Phishing
Spamming
A penetration testing service hired by the company has reported that a backdoor was identified on the network. What action should the organization take to find out if systems have been compromised?
Look for policy changes in Event Viewer.
Scan the systems for viruses.
Look for unauthorized accounts.
Look for usernames that do not have passwords.
Smart cards and biometrics are considered to be what type of access control?
Administrative
Technological
Logical
Physical
Which access control should the IT department use to restore a system back to its normal state?
Compensative
Preventive
Corrective
Detective
A user has a large amount of data that needs to be kept confidential. Which algorithm would best meet this requirement?
3DES
ECC
RSA
Diffie-Hellman
What happens as the key length increases in an encryption application?
Keyspace increases proportionally.
Keyspace decreases exponentially.
Keyspace decreases proportionally.
Keyspace increases exponentially.
You have been asked to describe data validation to the data entry clerks in accounts receivable. Which of the following are good examples of strings, integers, and decimals?
800-900-4560, 4040-2020-8978-0090, 01/21/2013
Male, $25.25, veteran
Female, 9866, $125.50
Yes/no 345-60-8745, TRF562
Which hashing technology requires keys to be exchanged?
Salting
AES
HMAC
MD5
What is a feature of a cryptographic hash function?
Hashing requires a public and a private key.
The hash function is a one-way mathematical function.
The output has a variable length.
The hash input can be calculated given the output value.
A VPN will be used within the organization to give remote users secure access to the corporate network. What does IPsec use to authenticate the origin of every packet to provide data integrity checking?
Salting
HMAC
CRC
Password
Your risk manager just distributed a chart that uses three colors to identify the level of threat to key assets in the information security systems. Red represents a high level of risk, yellow represents an average level of risk, and green represents a low level of risk. What type of risk analysis does this chart represent?
Quantitative analysis
Exposure factor analysis
Loss analysis
Qualitative analysis
Keeping data backups offsite is an example of which type of disaster recovery control?
Management
Preventive
Detective
Corrective
What are two incident response phases? (Choose two.)
Detection and analysis
Confidentiality and eradication
Prevention and containment
Mitigation and acceptance
Containment and recovery
Risk analysis and high availability
The team is in the process of performing a risk analysis on the database services. The information collected includes the initial value of these assets, the threats to the assets and the impact of the threats. What type of risk analysis is the team performing by calculating the annual loss expectancy?
Quantitative analysis
Qualitative analysis
Loss analysis
Protection analysis
What approach to availability provides the most comprehensive protection because multiple defenses coordinate together to prevent attacks?
Obscurity
Limiting
Layering
Diversity
Which utility uses the Internet Control Message Protocol (ICMP)?
NTP
Ping
RIP
DNS
In a comparison of biometric systems, what is the crossover error rate?
Rate of false positives and rate of acceptability
Rate of false negatives and rate of false positives
Rate of rejection and rate of false negatives
Rate of acceptability and rate of false negatives
Which protocol would be used to provide security for employees that access systems remotely from home?
WPA
SSH
SCP
Telnet
Which threat is mitigated through user awareness training and tying security awareness to performance reviews?
User-related threats
Device-related threats
Cloud-related threats
Physical threats
HVAC, water system, and fire systems fall under which of the cybersecurity domains?
Device
Network
Physical facilities
User
Technologies like GIS and IoE contribute to the growth of large data stores. What are two reasons that these technologies increase the need for cybersecurity specialists? (Choose two.)
They require 24-hour monitoring.
They collect sensitive information.
They contain personal information.
They increase processing requirements.
They require more equipment.
They make systems more complicated.
Which two groups of people are considered internal attackers? (Choose two.)
Ex-employees
Amateurs
Black hat hackers
Hacktivists
Trusted partners
Which methods can be used to implement multifactor authentication?
IDS and IPS
Tokens and hashes
VPNs and VLANs
Passwords and fingerprints
A security specialist is asked for advice on a security measure to prevent unauthorized hosts from accessing the home network of employees. Which measure would be most effective?
Implement a firewall.
Implement intrusion detection systems.
Implement a VLAN.
Implement RAID.
What type of attack will make illegitimate websites higher in a web search result list?
DNS poisoning
Browser hijacker
Spam
SEO poisoning
What is a nontechnical method that a cybercriminal would use to gather sensitive information from an organization?
Man-in-the-middle
Social engineering
Pharming
Ransomware
Which algorithm will Windows use by default when a user intends to encrypt files and folders in an NTFS volume?
RSA
DES
AES
3DES
Before data is sent out for analysis, which technique can be used to replace sensitive data in nonproduction environments to protect the underlying information?
Data masking substitution
Steganography
Software obfuscation
Steganalysis
An organization plans to implement security training to educate employees about security policies. What type of access control is the organization trying to implement?
Administrative
Technological
Physical
Logical
Passwords, passphrases, and PINs are examples of which security term?
Authorization
Access
Authentication
Identification
What technique creates different hashes for the same password?
SHA-256
HMAC
CRC
Salting
You have been asked to implement a data integrity program to protect data files that need to be electronically downloaded by the sales staff. You have decided to use the strongest hashing algorithm available on your systems. Which hash algorithm would you select?
SHA-1
AES
MD5
SHA-256
What kind of integrity does a database have when all its rows have a unique identifier called a primary key?
Entity integrity
Referential integrity
Domain integrity
User-defined integrity
What approach to availability involves using file permissions?
Layering
Simplicity
Obscurity
Limiting
Which national resource was developed as a result of a U.S. Executive Order after a ten-month collaborative study involving over 3,000 security professionals?
ISO OSI model
NIST Framework
ISO/IEC 27000
The National Vulnerability Database (NVD)
What is the most difficult part of designing a cryptosystem?
Encryption algorithm
Reverse engineering
Key length
Key management
What technology should you implement to ensure that an individual cannot later claim that he or she did not sign a given document?
Asymmetric encryption
Digital certificate
Digital signature
HMAC
Which type of cybercriminal attack would interfere with established network communication through the use of constructed packets so that the packets look like they are part of the normal communication?
Packet sniffing
DNS spoofing
Packet forgery
Rogue Wi-Fi AP
An organization just completed a security audit. Your division was cited for not conforming to X.509 requirements. What is the first security control you need to examine?
VPNs and encryption services
Hashing operations
Data validation rules
Digital certificates
What technology can be implemented as part of an authentication system to verify the identification of employees?
A virtual fingerprint
A smart card reader
SHA-1 hash
A Mantrap
Which technology can be used to prevent a cracker from launching a dictionary or brute-force attack on a hash?
AES
MD5
HMAC
Rainbow tables